Quality-in-Use ( QinU) is one of the most important quality aspects of a web application, which represent users' viewpoint. Measuring QinU gives a strong indicator on the success of web applications. In addition, it has been used frequently to evaluate the overall quality of web applications. There are many studies in QinU that enriched the science of web engineering. However, contributions of these studies were dispersed and usually address a certain aspect of QinU. This study attempts to gather and improve the best contributions of the previous studies in a conceptual framework to evaluate QinU based on ISO/IEC 25010 and 25012 standards. The outcome is a proposed framework, which will demonstrate the procedural flow between different stakeholders (Decision-maker, Evaluator, Developer and End-user). This procedural flow affects the evaluation process of web application quality. Furthermore, the framework demonstrates the process of measuring QinU attributes by implementing the proposed Quality-in-Use Evaluation Model (QinUEM). The future works are to evaluate the Quality-in-Use of several web applications using the proposed conceptual framework and test the results using quantitative and qualitative methods.

Phishing is a threat in which users are sent fake emails that urge them to click a link (URL) which takes to a phisher's website. At that site, users' accounts information could be lost. Many technical and non-technical solutions have been proposed to fight phishing attacks. To stop such attacks, it is important to select the correct feature(s) to detect phishing emails. Thus, the current work presents a new method to selecting more efficient feature in detecting phishing emails. Best features can be extracted from email's body (content) part. Keywords and URLs are known features that can be extracted from email's body part. These two features are very relevant to the three general aspects of email, these aspects are, email's sender, email's content, and email's receiver. In this work, three effectiveness criteria were derived based on these aspects of email. Such criteria were used to evaluate the efficiency of Keywords and URLs features in detecting phishing emails by measuring their Effectiveness Metric (EM) values. The experimental results obtained from analyzing more than 8000 ham (legitimate) and phishing emails from two different datasets show that, relying upon the URLs feature in detecting phishing emails will predominantly give more precise results than relying upon the Keywords feature in a such task.

Currently, there are many attacks and exploitation to Android smartphones by the attackers all over the world. These attacks are based on profit and caused loss of money and productivity to the victim. This exploitation can be done via camera, SMS, call, audio, image or location exploitation by attacking the system call, permission or API inside the Android smartphone. Therefore, this paper presents 32 mobile malware classification based on system call and permission to detect camera exploitation for Android smartphone. The experiment was conducted in a controlled lab environment, by applying reverse engineering with 5560 training dataset from Drebin, where both static and dynamic analyses were used to identify and extract the permission and system call from the mobile applications (apps). These 32 classification have been evaluated with 500 mobile apps from Google Play Store and 19 mobile apps matched with the classification. This new classification can be used as the database and input for the development of new mobile malware detection model for camera exploitation.

Most of the existing methods focus on extracting concepts and identifying the hierarchy of concepts. However, in order to provide the whole view of the domain, the non-taxonomic relationships between concepts are also needed. Most of extracting techniques for non-taxonomic relation only identify concepts and relations in a complete sentence. However, the domain texts may not be properly presented as some sentences in domain text have missing or unsure term of concepts. This paper proposes a technique to overcome the issue of missing concepts in incomplete sentence. The proposed technique is based on the similarity precision for selecting missing concept in incomplete sentence. The approach has been tested with Science corpus. The experiment results were compared with the results that have been evaluated by the domain experts manually. The result shows that the proposed method has increased the relationships of domain texts thus providing better results compared to several existing method.

Prior conducting malware analysis, many researchers were facing difficulties to clean up the dataset and they took longer time to complete these processes due to lack of malware dataset that are free from any noise or any irrelevant data and lack of malware analysis skill. Therefore, an efficient Easy Computer Emergency Response Team Malware Reservoir System (eZCERT) has been developed to overcome such problems. It is a comprehensive and an efficient malwares incident handling system where it consists of standard operating procedures (SOP) for malware incident handling. It also has the capability to detect and respond to malware attacks. Furthermore, the novelty of this system is based on the integration of the incident response, apoptosis, case-based reasoning (CBR) and Knowledge Data Discovery (KDD). The evaluation testing result showed that the eZCERT managed to produce a better accuracy detection rate. Hence, this eZCERT can he used as the basis guideline for malware researchers in building malware dataset and doing malware analysis.

Authentication plays a significant role in computer security to validate human users. CAPTCHA is one of human interaction proof test to verify whether user is a human or a computer program. It has become a very popular security mechanism used to prevent any automated abuse of online services which is intended for human user. The test usually is provided in the authentication phase where the user will be directed to the next page if they are authorized. From the login site, an attacker creates a program exploiting the username and password to get into a website. Recently, there are a lot of different types of CAPTCHA available on the internet. However, most of them have been successfully attacked by automated programs. Thus, this paper investigates existing related works on CAPTCHA which focus on login authentication and authorization by proposes a different approach using Jawi script. Based on investigations of the systematic review and preliminary findings, it shows that this is the first work that proposed using a different script and possible future directions for producing more reliable human/computer distinguishers. Future works will develop an alternative and stronger CAPTCHA to prevent breaking cyber-attack such as dictionary attack while maintaining ease of implementation on website and ease of use for human by reducing the difficulties on reading the CAPTCHA.

Android has dominated the smartphone market share with 82.8% compared to other platforms such as iOS, Windows, Blackberry OS and others in the world. This growth makes the android being most targeted by mobile malwares. There are many ways to infect users with malicious applications such as by uploading the infected apps at the third party store, repackaged application and drive-by-download. This paper presents the commonly and widely used of permissions and APIs by the mobile botnet to exploit the smartphones. Experiment has been conducted in a controlled lab environment and by doing static analysis and reverse engineered the apps source code. The identified permissions and APIs in this experiment are crucial prior forming the mobile botnet detection model.

The increasing number of smartphone over the last few years reflects an impressive growth in the number of advanced malicious applications targeting the smartphone users. Recently, Android has become the most popular operating system opted by users and the most targeted platform for smartphone malware attack. Besides, current mobile malware classification and detection approaches are relatively immature as the new advanced malware exploitation and threats are difficult to be detected. Therefore, an efficient approach is proposed to improve the performance of the mobile malware classification and detection. In this research, a new system call classification with call logs exploitation for mobile attacks has been developed using tokenization approach. The experiment was conducted using static and dynamic-based analysis approach in a controlled lab. System calls with call logs exploitation from 5560 Drebin samples were extracted and further examined. This research paper aims to find the best n value and classifier in classifying the dataset based on the new patterns produced. Naive Bayes classifier has successfully achieved accuracy of 99.86% which gives the best result among other classifiers. This new system call classification can be used as a guidance and reference for other researchers in the same field for security against mobile malware attacks targeted to call logs exploitation.

The invention of smartphone have made life easier as it is capable of providing important functions used in user's daily life. While different operating system (OS) platform was built for smartphone, Android has become one of the most popular choice. Nonetheless, it is also the most targeted platform for mobile malware attack causing financial loss to the victims. Therefore, in this research, the exploitation on system calls in Android OS platform caused by mobile malware that could lead to financial loss were examined. The experiment was conducted in a controlled lab environment using open source tools by implementing dynamic analysis on 1260 datasets from the Android Malware Genome Project. Based on the experiment conducted, a new system call classification to exploit call logs for mobile attacks has been developed using Covering Algorithm. This new system call classification can be used as a reference for other researcher in the same field to secure against mobile malware attacks by exploiting call logs. In the future, this new system call classification could be used as a basis to develop a new model to detect mobile attacks exploitation via call logs.

Non-taxonomic relation is one of the most important components in ontology to describe a domain. Currently, most studies focused on extracting non-taxonomic relationships from text within the scope of single sentence. The predicate between two concepts (i.e. subject and object) that appear in a same sentence is extracted as potential relation. Therefore the number of identified relations is less that what it could be and does not properly represent the domain. In this paper, we introduced a method named Domain-specific Inter-textual non taxonomic extraction (DSINTE) to extract the non-taxonomic relations between two concepts that appear not only in a single sentence but also in different sentences. The proposed method has been illustrated using a collection of domain texts from New York Times website. Recall metrics have been used to evaluate the results of the experiments.

Technological advancements and rapid growth in the use of the Internet by the society have had a huge impact on information security. It has triggered the need for a major shift in the way web applications are developed. The high level security of these applications is crucial to their success. Therefore, information security has become a core requirement for producing trustworthy software driven by the need to guard critical assets. To develop a web application with adequate security features, it is highly recommended to capture security requirements early in the development lifecycle. In this paper, we propose a way of extending the V-Model requirements engineering phase to aid developers to engineer security requirements for a web application being developed, as well as, handling the security test planning. The aim is to support the proactive definition of security requirements by integrating security requirements engineering ( SRE) activities with requirements engineering ( RE) activities of the V-model.

Phishing is a cybercrime in which, attackers try to fraudulently retrieve users' credentials by mimicking trusted communication channels. The problem with phishing is that attackers still able to bypass anti-phishing automated systems through the human factor. It is not enough, therefore, to only add new technologies, aware users might play the key role in stopping phishing attacks. Based on that, phishing problem requires defense solutions that to be applied at both of the technical (automated systems) and non-technical (human) aspects. Phishing attacks, in general, are initiated through simulated emails with a false claim of being sent from trusted parties. The work in this paper is dedicated to fighting phishing threats at email's level in order to kill this type of attacks in the cradle. Users, therefore, are protected at a level which is prior of browsing phishing web pages. This paper proposes an anti-phishing model that designed based on the general taxonomy of the technical and non-technical aspects of phishing detection approaches. This paper, in addition, presents the general structure of the proposed anti-phishing system that developed based on the herein proposed model. The novelty of this model is the approach of combining both of the automated procedures with users' anti-phishing training method to detect phishing emails.

Existing research focus on extracting the concepts and relations within a single sentence or in subject-object object pattern. However, a problem arises when either the object or subject of a sentence is "missing" or "uncertain", which will cause the domain texts to be improperly presented as the relationship between concepts is no extracted. This paper proposes a solution for the enrichment of the knowledge of domain text by finding all possible relations. The proposed method suggests the appropriate or the most likely term for an uncertain subject or object of a sentence using the probability theory. In addition, the method can extract the relations between concepts (i.e. subject and object) that appear not only in a single sentence, but also in different sentences by using a synonym of the predicates. The proposed method has been tested and evaluated with a collection of domain texts that describe tourism. Precision, recall, and f-score metrics have been used to evaluate the results of the experiments.

The objective of this study is to see the trends of Mortality Rate due to Coronary Heart Disease among Malaysian population by different Age and Sex groups. This is due to statistics report from Department of Statistics Malaysia and Ministry of Health Malaysia that shown the number of Malaysians suffered coronary heart disease has increase every year. This study has been conducted to see current mortality rates from coronary heart disease in Malaysia. This study used Age Specific Death Rate to calculate mortality rates of CHD. This study also aimed to see which age group and gender have most number of death due to coronary heart disease in Malaysia. The data used in this study is secondary time series data from year 2001 to 2013 and were taken from Department of Statistics Malaysia (DOS). Generally, the result shows that the mortality rate of Coronary Heart Disease among Malaysians increases every year. Number of males suffered Coronary Heart Disease are more than females and age group 60 and above are the highest and riskiest group to suffer coronary heart disease.

Web accessibility aims at providing disabled users with a barrier-free user experience so they can use and contribute to the Web more effectively. However, not all websites comply with WCAG 2.0 which results in Web accessibility barriers in websites. Thus, assistive technologies such as screen readers would not be able to interpret the presented contents on the monitor due to these barriers and this will contribute to making websites inaccessible to disabled users. This paper proposed an innovative metric that assigns measurable weight to each identified barrier based on its severity and impacts on the accessibility level, and then ranks the barriers accordingly. Following, Web developers can fix the highly ranked severe barriers instead of wasting time in studying and fixing less severe types of barriers that may rarely occur. An experiment was conducted to check the metric validity. We found the metric was valid and thereby we suggested the usage of the metric as a valid scientific measurement.

Scheduling university timetabling for large numbers of students is a difficult task especially to ensure no overlapping. Most of timetables are prepared manually, or at best with the help of a spreadsheet program. However, a manual process requires numbers of verification by domain experts (for example lecturers, supervisors) before it can be approved. In this research, we focus on a solution to the university timetabling problem. We will consider various soft and hard constraints of time tabling parameters such as a number of subjects ("subject"), a number of lecture or tutorial sessions ("time slots"), a number of classrooms ("sessions"), number of teachers ("teacher"), number of students ("student") and number of workloads ("workload"). We use methods based on simulated annealing to obtain optimal and sub-optimal solutions to scheduling problems. We will illustrate our work on timetabling issues of Tamhidi Programme at Universiti Sains Islam Malaysia as our case study. (C) 2013 The Authors. Published by Elsevier Ltd.

University web pages play a central role in the activities of all students. In order to assess the current state of university web site accessibility, we performed an automated evaluation of the home pages of 20 Public Higher Educational Institutions of Malaysia. Two experiments were made in 2012 and 2013 to see if there is a significant change in the results. Three Online Automated tools were used along the two experiments to see the differences between numbers of accessibility issues discovered by each tool. The results showed significant issues and no big improvements have been made to the websites from 2012 to 2013.

This paper generally focus on how and where linked data could be integrated and used in the development of semantic feedback for teaching and learning in physical education. Feedback may currently be generated based upon a competence model. To achieve semantic interoperability and increase the level of reusability of feedback, competence should be represented as an explicitly defined, structured, and shared ontology. By providing shareable ways of representing a competence model, hierarchy or acyclic directed graph, human and machine would be helped to communicate easily in comparing competence structures and exchanging semantic feedback. Competence structures and semantic feedback could be published on the web using linked data principles. Linked data allows both coaches and athletes to browse the athlete's feedback and navigate the related competence structures and training materials.

Most of the existing techniques on relation extraction focus on extracting relation between subject, predicate and object in a single sentence. However, these techniques unable to handle the situation when the text has sentences that are incomplete: either does not have or unclear subject or object in sentence (i.e. "unsure" value). Thus this does not properly represent the domain text. This paper proposes an approach to predict and identify the unsure value to complete the sentences in the domain text. The proposed approach is based on the probability theory to identify terms (i.e., subject or object) that are more likely to replace the "unsure" value. We use voting machine domain text as a case study.

A novel metric for quantitatively measuring the severity of websites barriers that limit the accessibility for disabled people is proposed. The metric is based on the Web Content Accessibility Guidelines (WCAG 2.0), which is the most adopted voluntary web accessibility standard internationally that can be tested automatically. The proposed metric is intended to rank the accessibility barriers based on their severity rather than the total conformance to priority levels. Our metric meets the requirements as a measurement for scientific research. An experiment is conducted to assess the results of our metric and to reveal the commonplace violations that persist in websites and affect disabled people interacting with the web.